微点发现2支新的木马软件

Nblock

PCIBUS.SYS  
Norman Virus Control ：

Found Sandbox: W32/Malware; [ General information ]

* **Locates window "ȰЇ̡ʾ [class NULL]" on desktop.

[ Changes to filesystem ]
* Deletes file "C:\SAMPLE.EXE" .
* Creates file C:\WINDOWS\SYSTEM32\Com\comrepl32.exe.
* Creates file C:\WINDOWS\SYSTEM32\taimpo.txt.
* Creates file C:\WINDOWS\SYSTEM32\config\AppEventw.cfg.
* Deletes file C:\WINDOWS\SYSTEM32\taimpo.txt.
* Creates file C:\WINDOWS\SYSTEM32\utility.hiv.
* Deletes file C:\WINDOWS\SYSTEM32\utility.hiv.

[ Network services ]
* Downloads file from http://www.9669093.com/elf_listo.txt as C:\WINDOWS\SYSTEM32\taimpo.txt.
* Connects to "www.9669093.com" on port 80 (TCP).
* Opens URL: www.9669093.com/elf_listo.txt.
* Connects to "FAKE" on port 4444 (TCP).

[ Security issues ]
* Possible backdoor functionality [UNKNOWN] port 4444.

[ Process/window information ]
* Creates a mutex tls.
* Enumerates running processes.
* Enumerates running processes several parses....

[ 本帖最后由 Nblock 于 2007-10-22 13:01 编辑 ]

红心王子

cc.rar 小a没报

2007-10-22        12:52:45        1193028765        Administrator        268        Sign of "Win32:Hupigon-DKZ [Trj]" has been found in "D:\Downloads\1.rar\1.exe" file.

Nblock

cc卡巴扫描不报

chow2006

原帖由 <i>红心王子</i> 于 2007-10-22 12:53 发表 <a href="http://bbs.kafan.cn/redirect.php?goto=findpost&pid=1933081&ptid=146841" target="_blank"><img src="http://bbs.kafan.cn/images/common/back.gif" border="0" onclick="zoom(this)" onload="attachimg(this, 'load')" alt="" /></a><br />
cc.rar 小a没报<br />
<br />
2007-10-22        12:52:45        1193028765        Administrator        268        Sign of "Win32:Hupigon-DKZ " has been found in "D:\Downloads\1.rar\1.exe" file.

<br />

刚好相反，费尔报了CC.rar，19号的病毒库

风野胤

eav报壳
恩
R:\1.rar » RAR » 1.exe - Win32/Packed.PEArmor.Gen application

mofunzone

Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\CC.rar'
C:\Users\morgan\Documents\
  CC.rar
    [0] Archive type: RAR
    --> CC.EXE
        [DETECTION] Is the Trojan horse TR/Dldr.Agent.45056
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!
Begin scan in 'C:\Users\morgan\Documents\1.rar'
C:\Users\morgan\Documents\
  1.rar
    [0] Archive type: RAR
    --> 1.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!

The EQs

C:\Documents and Settings\Don johnson\桌面\1.rar &raquo; RAR &raquo; 1.exe - Win32/Packed.PEArmor.Gen application
C:\Documents and Settings\Don johnson\桌面\CC.rar &raquo; RAR &raquo; CC.EXE - a variant of Win32/Jalous worm

saber123

CC.rar检测结果:
扫描结果

扫描结果 :	51%的杀软(18/35)报告发现病毒
时间 :	2007/10/22 13:02:27 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.0.0.126	2007.10.21	2007-10-21	-	8.456
安博士V3	2007.10.20.00	2007.10.20	2007-10-20	-	1.441
AntiVir	7.6.0.27	7.0.0.114	2007-10-21	TR/Dldr.Agent.45056	2.506
Arcavir	1.0.4	200710211455	2007-10-21	Heur.Win32.I	1.896
AVAST	1.0.8	000783-0	2007-10-21	-	3.439
AVG	7.5.49.442	269.15.5/1084	2007-10-21	-	2.114
BitDefender	7.60825.934459	7.15416	2007-10-22	MemScan:Trojan.Downloader.Agent.YQS	3.963
CA (VET)	8.4.0.24	31.2.5225	2007-10-20	-	2.807
ClamAV	0.91.2	4558	2007-10-22	PUA.Packed.UPack-2	0.007
Comodo	2.11	2.0.0.320	2007-10-21	-	6.713
Dr.WEB	4.33	2007.10.21	2007-10-21	-	8.865
ewido	4.0.0.2	2007.10.21	2007-10-21	-	5.703
F-PROT	4.4.0.50	20071018	2007-10-18	Possible W32/Heuristic-162!Eldorado (damaged, not disinfectable)	3.180
F-SECURE	5.51.6100	2007.10.22.01	2007-10-22	-	5.145
飞塔	2.81-3.11	8.264	2007-10-21	Suspicious	2.705
ViRobot	20071019	2007.10.19	2007-10-19	-	4.500
IKARUS	T3.1.1.12	2007.10.21.69696	2007-10-21	Trojan-Downloader.Win32.Zlob.and	5.598
江民杀毒	10.00.650	2007.10.21	2007-10-21	Trojan/Agent.kxp	5.090
卡巴斯基	5.5.10	2007.10.22	2007-10-22	-	8.230
金山毒霸	2007.6.20.249	2007.10.20	2007-10-20	-	14.251
迈克菲	5.2.00	5145	2007-10-19	New Malware.aj	2.389
MKS_VIR	2.01	2007.10.20	2007-10-20	Heur.Win32	2.196
NOD32	2.70.10	2605	2007-10-22	-	0.003
NORMAN	5.91.08	5.90	2007-10-19	W32/Suspicious_U.gen	3.480
熊猫卫士	9.04.03.0001	2007.10.21	2007-10-21	-	4.836
趋势	8.500-1001	4.788.01	2007-10-21	TROJ_DLOADER.RTH	0.038
Prevx	V2	20071022	2007-10-22	-	36.157
QuickHeal	9.00	2007.10.20	2007-10-20	Suspicious - DNAScan	7.649
瑞星	19.0	19.45.62.00	2007-10-21	-	3.541
SOPHOS	2.49.1	4.21	2007-10-22	Mal/Packer	6.481
赛门铁克	1.3.0.24	20071021.005	2007-10-21	-	7.560
nProtect	2007-10-19.00	983365	2007-10-19	BehavesLike:Win32.ExplorerHijack	26.667
The Hacker	6.2.9	v00103	2007-10-21	W32/Behav-Heuristic-060	0.765
VBA32	3.12.2.4	20071021.1047	2007-10-21	Embedded.Worm.Win32.Downloader.a (suspicious)	1.799
VirusBuster	4.3.19:9	9.112.2/11.0	2007-10-21	Packed/Upack	1.026

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

1.RAR检测结果:
扫描结果

扫描结果 :	46%的杀软(16/35)报告发现病毒
时间 :	2007/10/22 13:12:28 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.0.0.126	2007.10.21	2007-10-21	-	7.471
AntiVir	7.6.0.27	7.0.0.114	2007-10-21	BDS/Hupigon.Gen	2.047
Arcavir	1.0.4	200710211455	2007-10-21	-	1.365
AVAST	1.0.8	000783-0	2007-10-21	Win32:Hupigon-DKZ [Trj]	3.061
AVG	7.5.49.442	269.15.5/1084	2007-10-21	Packed.PE-Armor	1.668
BitDefender	7.60825.934459	7.15416	2007-10-22	Packer.PEArmor.A	4.029
CA (VET)	8.4.0.24	31.2.5225	2007-10-20	-	3.640
ClamAV	0.91.2	4558	2007-10-22	Trojan.Graybird-16	0.121
Comodo	2.11	2.0.0.320	2007-10-21	-	2.233
Dr.WEB	4.33	2007.10.21	2007-10-21	-	6.538
ewido	4.0.0.2	2007.10.21	2007-10-21	-	3.065
F-PROT	4.4.0.50	20071018	2007-10-18	Possible W32/Threat-HLLPEM-based!Maximus	1.553
F-SECURE	5.51.6100	2007.10.22.01	2007-10-22	-	2.714
IKARUS	T3.1.1.12	2007.10.21.69696	2007-10-21	Backdoor.Win32.Hupigon.cda	1.658
MKS_VIR	2.01	2007.10.20	2007-10-20	-	2.261
NOD32	2.70.10	2605	2007-10-22	-	0.003
NORMAN	5.91.08	5.90	2007-10-19	W32/Kenfa.D	3.356
nProtect	2007-10-19.00	983365	2007-10-19	Packer.PEArmor.A	14.191
Prevx	V2	20071022	2007-10-22	-	17.512
QuickHeal	9.00	2007.10.20	2007-10-20	-	3.301
SOPHOS	2.49.1	4.21	2007-10-22	Mal/GrayBird	3.216
The Hacker	6.2.9	v00103	2007-10-21	-	0.775
VBA32	3.12.2.4	20071021.1047	2007-10-21	-	2.000
ViRobot	20071019	2007.10.19	2007-10-19	-	0.509
VirusBuster	4.3.19:9	9.112.2/11.0	2007-10-21	Packed/PE-Armor	3.456
卡巴斯基	5.5.10	2007.10.22	2007-10-22	-	4.301
安博士V3	2007.10.20.00	2007.10.20	2007-10-20	-	1.314
江民杀毒	10.00.650	2007.10.21	2007-10-21	-	1.341
熊猫卫士	9.04.03.0001	2007.10.21	2007-10-21	-	5.115
瑞星	19.0	19.45.62.00	2007-10-21	Backdoor.Gpigeon.GEN	2.137
赛门铁克	1.3.0.24	20071021.005	2007-10-21	-	0.231
趋势	8.500-1001	4.788.01	2007-10-21	Possible_HPGN-1	0.039
迈克菲	5.2.00	5145	2007-10-19	BackDoor-AWQ.b	0.876
金山毒霸	2007.6.20.249	2007.10.20	2007-10-20	Win32.Hack.Huigezi.cz	1.205
飞塔	2.81-3.11	8.264	2007-10-21	Suspicious	0.628

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

[ 本帖最后由 saber123 于 2007-10-22 13:15 编辑 ]

capsshift

1.exe,瑞星报已知。
CC。EXE，运行后，瑞星主防拦截信息与微点相同。

残缺的唯美

The requested URL http://bbs.kafan.cn/attachment.php?aid=142381 is infected with Heur.Trojan.Generic virus
deleted: virus Heur.Backdoor.Generic        File: C:\Users\Administrator\Desktop\1.rar/1.exe//PE-Armor